Final Project: The Banks Headquarters Will Have It


Final Project

The bank's headquarters will have:

  • 250 users
  • A datacenter
  • Different departments (Create VLANs / Subnets)
  • 7 Floors

The datacenter will be located in the middle of the building. The bank is connected to the internet, meaning an ISP will be involved and a DMZ firewall will be required.

The project will be 33 % of each of the following:

  • Technical
  • Communication / Presentation skills
  • Budget / Finance (Microsoft Excel will be required)

Items needed for users at headquarters:

  • IP phones
  • VLANs
  • Printers / Copiers

Items needed for the Datacenter (Datacenter is very confidential):

  • Switches
  • Routers
  • Servers
  • Work Stations
  • IP phones
  • Firewall / DMZ

The project will be submitted in PDF.

Final Project Part B

As mentioned in Final Project Part A, the Bank Company will have 15 branches, each with the following inventory:

  1- Router
  2- Switches
  3- PCs / Workstations
  4- 3 Printers / Copiers
  5- Servers / IP Phones
  6- 4 – 6 Cameras
  7- 1 ATM with IP address

The video captured from the cameras will be stored 7 days on site and 3 days off site. Create a different subnet for your cameras. For redundancy you can get 2 separate ISP lines for each branch. Your ISP will give a public /30 subnet for headquarters and each branch.

On a T1 approach, you are building your own internet, meaning all branches are connected to the HQ, which makes it a point of failure. On an ISP approach you will use VPN to connect to HQ.

You can use a private class C IP address with the default subnet mask of 255.255.255.0 for each of your subnets. Make sure not to use the same IP scheme on your branches.

Paper for the Above Instruction

The implementation of a robust and secure network infrastructure for a banking institution is paramount, given the sensitive nature of financial data and the necessity for continuous availability. This paper delineates the network design blueprint for a bank's headquarters and its 15 branches, emphasizing VLAN segmentation, subnetting, redundancy, security, and connectivity strategies to ensure operational resilience, security, and efficient management.

Introduction

The modern banking environment demands a comprehensive network architecture that supports scalable, secure, and reliable connectivity for both headquarters and branch offices. The network must accommodate approximately 250 users at the headquarters, alongside the integration of a data center, various departmental VLANs, and secure internet access via an ISP with DMZ firewall policies. Simultaneously, the branch network must support diverse inventory including routers, switches, workstations, printers, servers, IP phones, cameras, and ATM systems. Ensuring high availability, security, and efficient management are core objectives.

Network Design for the Headquarters

The headquarters comprises seven floors, with the data center strategically located at the center of the building to minimize latency and facilitate effective management. The network design incorporates VLAN segmentation to isolate departments such as finance, HR, IT, and operations. Segmentation is vital for security and traffic management, with each VLAN assigned a unique subnet within the private IP address space. A Class C private IP range, such as 192.168.0.0/24, provides sufficient address space for the VLANs, considering the total number of users and devices.

The core network infrastructure includes managed switches, routers, and a firewall with DMZ capabilities to segregate public-facing services from the internal network. The DMZ hosts internet-facing servers, such as web or email servers, protected by the firewall policies. Redundancy is achieved through dual ISP links, providing failover capabilities to ensure continuous internet connectivity. The datacenter equipment—including servers, storage, and network devices—is housed in a secured environment with dedicated switches, routers, and IP phones for management and alerting purposes.

Branch Network Architecture

The 15 branches operate with similar equipment inventories, including routers, switches, PCs, printers, servers, IP phones, cameras, and ATMs. The network design incorporates separate subnets for each device type, with particular attention to camera networks, which require dedicated segments for monitoring and recording. Camera footage is stored locally for seven days and off-site for an additional three days, necessitating separate subnet allocations for each camera cluster to facilitate manageable routing and security policies.

Highly available connectivity between branches and headquarters can be established in two ways. A T1 point-to-point leased line creates a dedicated, albeit single-failure, link that centralizes connectivity. Alternatively, employing dual ISP links with VPN tunnels provides redundancy, ensuring continued operation even if one ISP fails. Each branch's public IP address allocations are based on CIDR /30 subnets supplied by the ISP, allowing for point-to-point links, while private internal IP addressing is used within each site to isolate and secure internal communications.

IP Addressing and Subnetting

Consistent with best practices, private IP space (such as 192.168.x.x or 10.x.x.x) is assigned within each site, avoiding IP conflicts across sites. For the headquarters, an address scheme like 192.168.0.0/24 can be subdivided into smaller subnets for each VLAN—for example, 192.168.1.0/28 for finance, 192.168.2.0/28 for HR, and so forth. This arrangement facilitates efficient traffic routing, security policies, and network management.

Branch networks utilize /28 subnets for local devices, with separate VLANs established for workstations, printers, servers, and cameras. Cameras are allocated distinct subnets, such as 192.168.50.0/29, to isolate surveillance traffic. Each branch receives a unique private IP scheme, ensuring no overlap with other branches.
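The per-site addressing requirement above (a unique private scheme for headquarters and each of the 15 branches, with cameras on their own subnet) can be checked mechanically before anything is configured. The following is an added example, not part of the original paper; the /20-per-site carve-up of 192.168.0.0/16, the site names and the VLAN role list are assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations

# Assumptions (not from the page): 192.168.0.0/16 is carved into one /20 per
# site, and each VLAN role below gets a /24 (mask 255.255.255.0) inside it.
SUPERNET = ipaddress.ip_network("192.168.0.0/16")
SITES = ["HQ"] + [f"BR{n:02d}" for n in range(1, 16)]   # HQ plus 15 branches
ROLES = ["users", "voice", "printers", "servers", "cameras", "atm"]


def build_plan():
    """Give every site its own /20 block and every role a /24 within it."""
    plan = {}
    for site, block in zip(SITES, SUPERNET.subnets(new_prefix=20)):
        vlans = dict(zip(ROLES, block.subnets(new_prefix=24)))
        plan[site] = {"block": block, "vlans": vlans}
    return plan


def _flatten(plan):
    return [(site, role, net)
            for site, entry in plan.items()
            for role, net in entry["vlans"].items()]


def find_overlaps(plan):
    """Pairs of VLAN subnets, at any sites, whose address ranges collide."""
    return [(a, b) for a, b in combinations(_flatten(plan), 2)
            if a[2].overlaps(b[2])]


def outside_site_block(plan):
    """VLANs whose subnet does not sit inside the owning site's block."""
    return [(site, role, net) for site, role, net in _flatten(plan)
            if not net.subnet_of(plan[site]["block"])]


if __name__ == "__main__":
    plan = build_plan()
    print("clean plan overlaps:", find_overlaps(plan))
    # Constructed mistake: a branch reuses the HQ camera subnet.
    plan["BR03"]["vlans"]["cameras"] = plan["HQ"]["vlans"]["cameras"]
    for a, b in find_overlaps(plan):
        print("OVERLAP:", a[0], a[1], "and", b[0], b[1], "share", a[2])
    for site, role, net in outside_site_block(plan):
        print("OUT OF BLOCK:", site, role, net, "not in", plan[site]["block"])
```

The same `subnet_of` test is worth running on any hand-written scheme: it reports, for instance, that 192.168.1.0/28 does not fall inside 192.168.0.0/24, so per-VLAN subnets carved from that /24 must all begin with 192.168.0.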

Connectivity Strategies and Redundancy

In a T1 approach, all branches connect directly to the headquarters, creating a centralized but vulnerable network point. This architecture risks total failure if the headquarters link fails, highlighting the importance of redundant pathways. The preferred approach employs VPNs over dual ISP lines, providing secure, encrypted communication while maintaining redundancy. VPN tunneling allows for secure inter-branch data flow, with the headquarters acting as a central hub.

Security Considerations

Security measures include implementing firewalls with DMZ configurations, VLAN segmentation for isolation, and VPN tunnels for remote connectivity. All network devices must support secure protocols (e.g., SSH, IPsec) and be regularly updated to prevent vulnerabilities. Surveillance cameras operate on a separate subnet with strict access controls to prevent unauthorized access. Data stored both locally and off-site should be encrypted, aligning with regulatory standards.

Budgeting and Documentation

The project budget encompasses equipment procurement, configuration, and maintenance costs, with detailed tracking via Microsoft Excel accounting for hardware, software, and labor expenses. The documentation of network topology, IP addressing schemes, security policies, and configuration procedures ensures effective management and troubleshooting.

Conclusion

A meticulously planned network, integrating VLAN segmentation, redundancy, security, and scalable connectivity solutions, is vital for the bank's operational integrity. By segregating network segments, implementing VPNs and dual ISP lines, and establishing comprehensive security controls, the bank can achieve high availability, security, and operational efficiency. Proper documentation and budgeting further guarantee sustainable management and compliance with industry standards.
